I'm a staff writer for Forbes, writing about investing, personal finance, markets, news, tech and whatever else falls through the cracks. I manage Intelligent Investing, and have the privilege of interviewing some of the greatest minds in investing, business and politics through Steve Forbes' Intelligent Investing interview series. Keep an eye on this space to see what guests are sitting down with Steve, suggest questions you'd like to hear answered, and keep tabs on what today's movers, shakers and rock-solid veterans have to say.

Anonymous Claims Possession Of Insidious Stuxnet Virus

Houston, we have a problem. Or should I say, “Iran, we have your problem?” Last night, a member of hacker group Anonymous – a devious 4chan-spawned Internet coalition known for increasingly serious web-based attacks – announced on Twitter that the group was in possession of the Stuxnet virus.

“Anonymous is now in possession of Stuxnet – problem, officer?” tweeted a user by the name of Topiary. Topiary’s profile describes the user as an online activist and a “Supporter of Anonymous Operations, WikiLeaks, and maintaining freedom on the Internet.”

To me, two huge questions arise from Anonymous’ claim:

Are they actually in possession of Stuxnet?

Can they do anything with it?

The answer to both questions, of course, is maybe. But let’s dive a little deeper.

Recently, Anonymous has been in the news for its high-profile attacks on software security firm HBGary, after Aaron Barr, the CEO of HBGary’s sister firm HBGary Federal, claimed to have acquired the names of senior Anonymous members and threatened to release them to the public. Forbes’ Parmy Olson has done a fantastic job covering that affair.

We have a problem. Stuxnet has been added to the Metasploit hacking toolkit. This is a serious issue that we need to address immediately. This means that attackers can leverage the Stuxnet code and make adjustments to the source code and release it on any industry they wish. They can attack power plants, car factories, donut shops, paper factories, energy companies etc… This code can be tweaked to attack any industry in the country. Mysterious things are going to start happening. For unexplained reasons gas pipes will explode, factories will catch fire, and satellites will fall out of the sky. We are preparing ourselves for the Cyber Pearl Harbor (http://goo.gl/zwGz0) and it is coming very very soon. Millions of Americans will die. We are using a Megacommunity (goo.gl/d6TzH) to attempt to minimize the effects. We are engaging our enemies in the world’s first Cyberwar and only a fraction of the world is aware of the covert Cyberwar. Right now no one from the Executive Branch will declare Cyberwar due to the threat of assassination. I am currently pursuing the office of National Cybersecurity Advisor. S.778 creates the office that I will be filling. My very first task when I get into the White House is to declare Cyberwar against all malicious Hackers, Cyberterrorists, state sponsored Spies, and actors from foreign intelligence agencies.

I love Linux. Indeed, I’m “soaking in it now.” I’ve been using it as my primary OS since ’96, and I fired it up first in ’94.

But, with all due respect, your response is, at best, naive.

ANY operating system will contain bugs. And a virus like Stuxnet — one that is very carefully crafted to do one specific thing — will take into account whatever vector is needed to get to its destination. If you think Linux or BSD are free of exploitable bugs, may I direct your attention to CERT (www.cert.org), where you’ll find that neither is impervious.

It’s my earnest belief that Open Source is inherently better at security: having the code there for everyone to read does, granted, help the bad guys, but it also helps the good guys look for vulnerabilities, too — and to fix them. But I’m also intellectually honest enough to admit that the primary reason there are so many viruses that attack Windows isn’t because of its security (or lack thereof), but, rather, because of its market share. And the exact same holds true for Mac OS-X. Not inherently more secure, just far fewer machines.

If you need any further proof that Unix ain’t perfect, think of the one and (to the best of my knowledge) only time the whole ‘Net was brought to its knees: the Morris Worm.

I really hate to break anybody’s bubble here but somebody having Stuxnet is not a big deal. It is fairly easy to get a copy of the thing and you don’t have to attack anything. It is posted on security sites. If not, I think I read somewhere that Iran has 60,000 copies of it. I’m sure that any reasonably sophisticated hacker knows very well how to get their hands on malicious code. It is generally more available to them than it is to those on the other side of that fence.

If they got access to the source code for Stuxnet by hacking HBGary that is something else. Which then begs the question: where did HBGary get the source code from? Why would they have that if they didn’t write it? There is also a reference to Anonymous discovering that HBGary was trying to sell a botnet. What’s up with that?

Stuxnet is an open source virus. Literally anyone can download and tinker with it. So it’s very likely Anonymous has it in their possession because literally anyone can have it in their possession. The only real question you should be asking is what they will do with it. If anything.